RocketMQ versions 5.1.0 and below are vulnerable to arbitrary code injection. The Broker component of RocketMQ is exposed on the extranet and lacks permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system user that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.
b33a501b649fb4900d4cb03d01bea674dda00bc78e807afce60061fd47ecfcea
Ubuntu Security Notice 6206-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NTFS file system implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service.
b70b10fbc09eecc7f6450b8fc75f5405f53df4d3f357186781fb86507683fc60
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
bc25144c39d2d2fec969828ee8a61334a575de0ca5bb0e4f7cad8fb500ed6004
Ubuntu Security Notice 6207-1 - It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service. It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service.
078d5bcad96bf9c3bb2527dc64d2f00742ddc07203c5630cbb8b66d7899217b6
Ubuntu Security Notice 6205-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information or possibly cause undesired behaviors.
1e0378175b2b42d9f4258786c914e5e09bd243dd1b66dd78e4ec49a6f464c83b
Red Hat Security Advisory 2023-3925-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.23.
724accdac3b7f95b4f3363d179ec538613ecd750bc64aa5314da609103e8ad20
Red Hat Security Advisory 2023-3924-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.23.
7e91a97286f7fc38429605d4c3b1f557a38f8685fe741fc4a6501cb405cf961a
Piwigo version 13.7.0 suffers from a persistent cross site scripting vulnerability.
8f0e463182c281e8719331ad75f9bfbd84419ff6eddba2d0e21b1929bf03283f
Lost and Found Information System version 1.0 suffers from a remote SQL injection vulnerability.
26d0f1deb4fda9d9af13364671a7e8c2b6885870a63d654ccb53313326691e2a
Gila CMS version 1.10.9 suffers from a remote code execution vulnerability.
2f98e022c36d4823c99621e22d256fee74a522350ff8b0286aff3c8f5ed8040f
DANGEROUS MAILER-CLONED version 2.0 suffers from an information leakage vulnerability.
f03de4c422ac25cb41a8b39e9d9538bb67cf2f33c39a55e2b1808c8e26ab5956
DaillyTools suffers from a remote command execution vulnerability.
753f6c8ba04fde362a5ca45847a1b34db043b743bb604d2cd7b95763de40b0c6
CakePHP Test Suite version 2.7.0 suffers from a cross site scripting vulnerability.
7a9ddf4620ae96b9812069eee45ec59d3d0ff9bd6641647204873c7ee530dbd1
Aplikasi Sistem Informasi Kelulusan CMS version 1.0.9 suffers from a local file inclusion vulnerability.
59f660cdd376fb256fa94756579e9bb22c08fffdc7729f1376e15f3399c9846b
AGVirtues Galeria version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
3cb042a5ee64bc830f207a27703658b494bc7c58d935a433c50f598447b2f8b2